VoIP caller authentication by voice signature continuity

ABSTRACT

There are provided methods and systems for authenticating a user. A method includes receiving a voice signature certificate corresponding to a setup portion of a Voice over Internet Protocol (VoIP) call. The VoIP call further has a voice conversation portion. The voice signature certificate includes a voice signature segment. The method further includes reproducing the voice signature segment to enable verification of voice continuity from the setup portion to the voice conversation portion. The verification is performing by comparing the voice signature segment to a user&#39;s voice during the voice conversation portion.

BACKGROUND

1. Technical Field

The present invention relates generally to voice communications and,more particularly, to Voice over Internet Protocol (VOIP) callerauthentication by voice signature continuity.

2. Description of the Related Art

Traditional Public Switched Telephone Network (PSTN) telephone networksprovide a method (hereinafter referred to as caller identification orcaller ID, in short) that allows a called party to identify a callingparty. With the advance of the Voice over Internet Protocol (VoIP)environment, the secure authentication of caller ID has disappeared. Acalling party can spoof the caller ID at will. Moreover, even when thecaller ID is initially correct, the corresponding voice path of theSession Initiation Protocol (SIP) session can be hijacked such that acalled party talks to a different person than that identifier by thecaller ID after the SIP signaling path is successfully established.

Although there are some mechanisms in SIP/VoIP to provide authenticationand security for VoIP calls, these mechanisms all require a public keyinfrastructure (PKI) to provide the certificate and encryption key foreach phone. A PKI for every phone does not currently exist, and will notbe available for the foreseeable feature. Moreover, VoIP convertedtraditional phones (by a VoIP gateway or a VoIP conversation devicedirectly attached to a Plain Old Telephone Service (POTS) phone) andmost conventional VoIP phones do not implement the advanceauthentication and encryption mechanism.

SUMMARY

Embodiments of the present invention are directed to Voice Over InternetProtocol (VoIP) caller authentication by voice signature continuity.

According to an aspect of the present invention, there is provided amethod for authenticating a user. The method includes receiving a voicesignature certificate corresponding to a setup portion of a Voice overInternet Protocol (VoIP) call. The VoIP call further has a voiceconversation portion. The voice signature certificate includes a voicesignature segment. The method further includes reproducing the voicesignature segment to enable verification of voice continuity from thesetup portion to the voice conversation portion. The verification isperforming by comparing the voice signature segment to a user's voiceduring the voice conversation portion.

According to another aspect of the present invention, there is provideda method for authenticating a user. The method includes forming a voicesignature certificate for the user. The voice signature certificateincludes a voice signature segment. The method includes sending thevoice signature certificate to a called device in response to a setupportion of a Voice over Internet Protocol (VoIP) call to the calleddevice, to enable a subsequent verification of voice continuity from thesetup portion to a subsequent voice signature portion of the VoIP call.

According to yet another aspect of the present invention, there isprovided a system for authenticating a user. The system includes a voicesignature continuity verification device configured to verify a voicecontinuity of the user from a setup portion to a voice conversationportion of a Voice over Internet Protocol (VoIP) call, by receiving avoice signature certificate corresponding to the setup portion of theVoIP call, the voice signature certificate including a voice signaturesegment, and by reproducing the voice signature segment to enableverification of the voice continuity. The verification is performed bycomparing the voice signature segment to a user' voice during the voiceconversation portion.

According to still another aspect of the present invention, there isprovided a system for authenticating a user. The system includes a voicesignature certificate forming device configured to form a voicesignature certificate for the user. The voice signature certificateincludes a voice signature segment. The system further includes a callsetup voice signature certificate manager configured to send the voicesignature certificate to a called device in response to a setup portionof a Voice over Internet Protocol (VoIP) call to the called device, toenable a subsequent verification of voice continuity from the setupportion to a subsequent voice signature portion of the VoIP call.

These and other objects, features and advantages will become apparentfrom the following detailed description of illustrative embodimentsthereof, which is to be read in connection with the accompanyingdrawings.

BRIEF DESCRIPTION OF DRAWINGS

The disclosure will provide details in the following description ofpreferred embodiments with reference to the following figures wherein:

FIG. 1 is a diagram illustrating an exemplary environment in whichembodiments of the present invention may be applied; and

FIG. 2 is a diagram illustrating an exemplary method for Voice overInternet Protocol (VoIP) authentication by voice signature continuity.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Embodiments of the present invention implement methods and systems forVoice over Internet Protocol (VoIP) authentication by voice signaturecontinuity. By utilizing voice signature continuity, it may be verifiedwhether or not the person identified by a caller identification is thesame person speaking during the corresponding voice conversation. Thatis, voice signature continuity may be utilized such that a voicesignature sent to a called party or called machine during a call sessionsetup matches a voice signature sent to the called party or calleddevice during the subsequent corresponding voice conversation.

It should be understood that the elements shown in the FIGURES may beimplemented in various forms of hardware, software or combinationsthereof. Preferably, these elements are implemented in software on oneor more appropriately programmed general-purpose digital computershaving a processor and memory and input/output interfaces.

Embodiments of the present invention can take the form of an entirelyhardware embodiment, an entirely software embodiment or an embodimentincluding both hardware and software elements. Such software includesbut is not limited to firmware, resident software, middleware,microcode, and so forth.

Furthermore, the invention can take the form of a computer programproduct accessible from a computer-usable or computer-readable mediumproviding program code for use by or in connection with a computer orany instruction execution system. For the purposes of this description,a computer-usable or computer readable medium can be any apparatus thatmay include, store, communicate, propagate, or transport the program foruse by or in connection with the instruction execution system,apparatus, or device. The medium can be an electronic, magnetic,optical, electromagnetic, infrared, or semiconductor system (orapparatus or device) or a propagation medium. Examples of acomputer-readable medium include a semiconductor or solid state memory,magnetic tape, a removable computer diskette, a random access memory(RAM), a read-only memory (ROM), a rigid magnetic disk and an opticaldisk. Current examples of optical disks include compact disk—read onlymemory (CD-ROM), compact disk—read/write (CD-R/W) and DVD.

A data processing system suitable for storing and/or executing programcode may include at least one processor coupled directly or indirectlyto memory elements through a system bus. The memory elements can includelocal memory employed during actual execution of the program code, bulkstorage, and cache memories which provide temporary storage of at leastsome program code to reduce the number of times code is retrieved frombulk storage during execution. Input/output or I/O devices (includingbut not limited to keyboards, displays, pointing devices, etc.) may becoupled to the system either directly or through intervening I/Ocontrollers.

Network adapters may also be coupled to the system to enable the dataprocessing system to become coupled to other data processing systems orremote printers or storage devices through intervening private or publicnetworks. Modems, cable modem and Ethernet cards are just a few of thecurrently available types of network adapters.

Referring now in detail to the figures in which like numerals representthe same or similar elements and initially to FIG. 1, an environment inwhich embodiments of the present invention may be applied is indicatedgenerally by the reference numeral 100.

The environment 100 includes a called party's phone 150, a Voice overInternet Protocol (VoIP) gateway 160, a network (e.g., the Internet)170, and a calling entity 180 (e.g., a bank, etc.). The calling entity180 may include one or more phones 180A. The called party's phone 150 isconnected in signal communication with the VoIP gateway 160 which, inturn, is connected to the network 170. The network is connected insignal communication with the calling entity 180.

For illustrative purposes, the calling entity 180 is one that includesmultiple phones and, hence, multiple possible calling parties. Ofcourse, embodiments of the present invention are not limited to such aconfiguration and may be implemented with respect to different numbersof calling entities (e.g., more than one) and different numbers ofcalling parties (e.g., one or more than one) at each of the callingentities than that shown in FIG. 1. Moreover, it is to be appreciatedthat while the voice signature certificate is described herein withrespect to a single voice signature corresponding to a single callingparty being included in the voice signature certificate, in otherembodiments, more than one voice signature may be included in a voicesignature certificate for cases where more than one possible callingparty may call from the same calling entity. In such a case, it ispreferably, but not mandatory, that the included voice signatures beshort enough so as to not cause undue delay in listening/evaluating theincluded voice signatures with respect to the actual voice of thecalling party during the voice conversation portion of the call.

An illustrative embodiment of the present invention includes a system110 for Voice over Internet Protocol (VoIP) caller authentication byvoice signature continuity. The system 110 includes a voice signaturecertificate device 112 and a voice signature continuity verificationdevice 114.

The voice signature certificate device 112 may include a voice signatureextractor 112A, a voice signature certificate forming device 112B, and acall setup voice signature certificate manager 112C.

The voice signature certificate device 112 may be configured to processa voice signature certificate 177 during a call setup. For example, thevoice signature certificate forming device 112B may be configured toform a voice signature certificate, e.g., using a voice signatureextracted by the voice signature extractor 112A. The voice signaturecertificate 177 may be pre-created (i.e., prior to a particular call(s))or dynamically created upon the initiation of a call (i.e., upon callsetup). The voice signature certificate manager 112C may be configuredto send the voice signature certificate at an appropriate time. Thevoice signature certificate may be managed by the voice signaturecertificate manager 112C so that the voice signature certificate is sentto a called device in response to the initiation of a call to the calleddevice or at some other time (e.g., earlier than call setup inpreparation for a known incoming call from a particular calling party).The call setup may involve, e.g., Session Initiation Protocol (SIP).

The voice signature certificate includes a text segment to identify theID of the calling party or the calling party's company (hereinaftercollectively referred to as the ID of the caller/calling party or thecaller ID). The voice signature certificate also includes a voicesegment that includes the voice signature of the calling party.

The voice signature can be, e.g., but is not limited to, a few seconds(or more) of speech data from the calling party. The voice signature canbe extracted from the calling party using the voice signature extractor112A. The voice signature extractor 112A may simply include an acoustictransducer (e.g., a microphone), optional processing circuitry (analogto digital converter, filters, etc.), and a corresponding memory device,or may involve the use of a speaker recognition system to perform thevoice signature extraction. The voice certificate can optionally besigned by, e.g., a known certificate provider.

The voice signature certificate may be sent from the calling party tothe called party during call setup (e.g., during SIP session setup).

The voice signature continuity verification device 114 may be configuredto optionally verify the voice signature certificate, extract the voicesignature from the certificate, and reproduce the voice signature to thecalled party. The voice signature extracted from the voice signaturecertificate serves as a reference voice pattern for the correspondingvoice conversation. This allows the called party (or the computer onbehalf of the called party) to verify the continuity between the voicesignature (included in the voice signature certificate) and thecorresponding voice conversation, to authenticate the calling party. Forexample, the calling party is authenticated when the voice signaturecorresponding to the set up portion of a call (and extracted from thevoice signature certificate) matches the voice of the calling partyduring the voice conversation portion of the call. Moreover, textportion in the voice signature certificate may be used in a caller IDfunction to redundantly authenticate the calling party. Accordingly, thepresent invention advantageously prevents the media path from beinghijacked.

The voice signature continuity verification device 114 can beimplemented, e.g., at a VoIP to Public Switched Telephone Network (PSTN)gateway, within a SIP user agent disposed within the phone of the calledparty, or within or associated with another entity within or operativelycoupled to the phone of the called party as readily contemplated by oneof ordinary skill in this and related arts, while maintaining the spiritof the present invention.

The voice signature continuity verification device 114 may be furtherconfigured to verify the voice signature continuity between the voicecertificate and the corresponding voice conversation. Implementations ofthe voice signature continuity verification device 114 may in involve,but are not limited to, a computer-based speaker identificationmechanism and/or a human. That is, in the latter case, a person (thecalled party himself or herself) may be readily utilized to match thevoice signature provided during the call session setup (i.e., the voicesignature included in the voice signature certificate) with the voice ofthe calling party during the subsequent corresponding voice conversationto ensure that the voice signatures are the same.

It is to be appreciated that the functions of each of the elements ofsystem 110 may be embodied in other devices than those shown in FIG. 1and/or may be embodied in more than one device. For example, thefunctions performed by the voice signature continuity verificationdevice 114 may be so performed by more than one physical device. Giventhe teachings provided herein, these and other variations andconfigurations of the elements of system 110 may be readily determinedby one of ordinary skill in this and related arts while maintaining thespirit of the present invention.

Turning to FIG. 2, a method for Voice over Internet Protocol (VoIP)authentication by voice signature continuity is indicated generally bythe reference numeral 200.

The method 200 includes a start block 202 that passes control to afunction block 205. The function block 205 forms/processes a voicesignature certificate, and passes control to a function block 210.Regarding the function block 205, the voice signature certificate isformed/processed by the voice signature certificate device 112. Theformation/creation of the voice signature certificate may involveextracting a voice signature from a calling party, and associating atext segment and a voice segment to the voice signature certificate suchthat the voice segment includes the extracted voice signature. Moreover,the processing of the voice signature certificate may involve thesigning the voice signature certificate by a known certificateprovider/certifier. As noted above, the text segment identifies the IDof the calling party or the calling party's company (hereinaftercollectively referred to as the ID of the caller/calling party or callerID), and the voice segment is for use during the subsequentcorresponding voice conversation.

The function block 210 sends the voice signature certificate to thecalled device, and passes control to a function block 215. It is to beappreciated that the function block 210 may send the voice signaturecertificate to the called device in response to a call setup portion ofa call such as, e.g., a VoIP call. It is to be further appreciated thatwhile the voice signature certificate is sent to the called device,another device proximate to or along the path to the called device mayintercept the voice signature certificate for processing (e.g., forprocessing as described with respect to function block 215) prior to thecertificate or any data/information therein being ultimately forwardedto the actual called device.

The function block 215 receives the voice signature certificate,verifies the authenticity of the voice signature certificate, extractsthe voice signature from the voice signature certificate, reproduces theextracted voice signature (e.g., audibly via a speaker, or otherwiseprovides a reproduction (e.g., involving signal processing and/orforwarding) for use by a speaker recognition system), and passes controlto a function block 220.

The function block 220 verifies voice continuity from the set up portionto the voice conversation portion of the call by comparing the voicesignature extracted from the voice signature certificate to the voice ofthe calling party during the voice conversation, to verify that thecalling party who submitted the voice signature for use in the voicesignature certificate (and also identified by the caller ID) is the sameperson who is speaking during the voice conversation portion of the calland, optionally, may provide an indication as to the status of the voicecontinuity (e.g., an audible indication on the speaker of the calleddevice or a proximate gateway device or a visual indication on a displayof the called device or a proximate gateway device), and passes controlto an end block 222. The end block terminates the method 200. It is tobe appreciated that the function block 220 verifies that the callingparty during the voice conversation of the call is the same person whosubmitted the voice signature (e.g., corresponding to the call setupportion of the call) by using the continuity of the voice signature fromthe call setup portion to the voice conversation portion of the call.Accordingly, hijacking of the media path between the calling party andthe called party is thwarted. It is to be appreciated that the presentinvention also thwarts spoofing of the caller ID, by using the voicedata (namely the voice signature continuity) in determining callingparty authenticity.

It is to be appreciated that the present invention may be implementedwith respect to any type of phone capable of employing Voice overInternet Protocol (VoIP), including converted phones (e.g., traditionalPlain Old Telephone Service (POTS) phones converted to use VoIP by,e.g., a VoIP gateway or a VoIP conversation device directly attached toa POTS phone). It is to be further appreciated while the presentinvention is described herein primarily with reference to a call setupportion and a subsequent corresponding voice conversation portion, thepresent invention may readily extended/varied to employ different timeswhile still maintaining the spirit of the present invention. Forexample, a separate, earlier phone call or a simple, earlier datatransmission may be used to send the voice signature certificate priorto a particular phone call when the actual voice of the calling party isto be compared in the voice continuity determination.

Having described preferred embodiments of a system and method for Voiceover Internet Protocol (VoIP) authentication by voice signaturecertificate (which are intended to be illustrative and not limiting), itis noted that modifications and variations can be made by personsskilled in the art in light of the above teachings. It is therefore tobe understood that changes may be made in the particular embodimentsdisclosed which are within the scope and spirit of the invention asoutlined by the appended claims. Having thus described aspects of theinvention, with the details and particularity required by the patentlaws, what is claimed and desired protected by Letters Patent is setforth in the appended claims.

1. A method for authenticating a user, comprising: receiving a voicesignature certificate corresponding to a setup portion of a Voice overInternet Protocol (VoIP) call, the VoIP call further having a voiceconversation portion, the voice signature certificate including a voicesignature segment; and reproducing the voice signature segment to enableverification of voice continuity from the setup portion to the voiceconversation portion, the verification being performing by comparing thevoice signature segment to a user's voice during the voice conversationportion.
 2. The method of claim 1, further comprising verifying anauthenticity of the voice signature certificate.
 3. The method of claim1, wherein said reproducing step comprises extracting the voicesignature segment from the voice signature certificate for use by aspeaker recognition system, and the method further comprises the step ofcomparing the voice signature segment to the user's voice using thespeaker recognition system to determine whether a match exists therebetween.
 4. The method of claim 1, wherein said reproducing stepcomprises audibly reproducing the voice signature segment on a speakerfor comparison against the user's voice during the voice conversationportion.
 5. The method of claim 1, wherein the setup portion usesSession Initiation Protocol (SIP).
 6. The method of claim 1, wherein thevoice signature certificate further includes a text segment identifyingthe user, and the method further comprises providing a calleridentification (ID) function using the text segment included in thevoice signature certificate.
 7. The method of claim 1, wherein the voiceconversation portion follows the setup portion.
 8. A method forauthenticating a user, comprising: forming a voice signature certificatefor the user, the voice signature certificate including a voicesignature segment; and sending the voice signature certificate to acalled device in response to a setup portion of a Voice over InternetProtocol (VoIP) call to the called device, to enable a subsequentverification of voice continuity from the setup portion to a subsequentvoice signature portion of the VoIP call.
 9. The method of claim 8,wherein said forming step forms the voice signature certificate tofurther include a text portion identifying the user for use in asubsequent caller identification (ID) function, to collectively identifythe user based on the caller ID function and the voice continuity. 10.The method of claim 8, further comprising signing the voice signaturecertificate by one of a certificate signing authority or a certificateprovider.
 11. The method of claim 8, further comprising the step ofextracting a voice signature of the user for the voice signaturesegment.
 12. A system for authenticating a user, comprising: a voicesignature continuity verification device configured to verify a voicecontinuity of the user from a setup portion to a voice conversationportion of a Voice over Internet Protocol (VoIP) call, by receiving avoice signature certificate corresponding to the setup portion of theVoIP call, the voice signature certificate including a voice signaturesegment, and by reproducing the voice signature segment to enableverification of the voice continuity, the verification being performedby comparing the voice signature segment to a user' voice during thevoice conversation portion.
 13. The system of claim 12, wherein saidvoice signature continuity verification device is further configured toverify an authenticity of the voice signature certificate.
 14. Thesystem of claim 12, wherein said voice signature continuity verificationdevice includes a speaker verification system configured to verify thevoice continuity by comparing the voice segment portion to the user'svoice to determine if a match exists there between.
 15. The system ofclaim 12, wherein said voice signature continuity verification deviceincludes an audible reproduction device configured to audibly reproducethe voice signature segment for comparison against the user's voiceduring the voice conversation portion.
 16. The system of claim 12,wherein the setup portion uses Session Initiation Protocol (SIP). 17.The system of claim 12, wherein the voice signature certificate furtherincludes a text segment identifying the user, and the system furthercomprises a voice signature certificate caller identification deviceconfigured to determine an identify of the user using the text segmentincluded in the voice signature certificate.
 18. A system forauthenticating a user, comprising: a voice signature certificate formingdevice configured to form a voice signature certificate for the user,the voice signature certificate including a voice signature segment; anda call setup voice signature certificate manager configured to send thevoice signature certificate to a called device in response to a setupportion of a Voice over Internet Protocol (VoIP) call to the calleddevice, to enable a subsequent verification of voice continuity from thesetup portion to a subsequent voice signature portion of the VoIP call.19. The system of claim 18, wherein said voice signature certificateforming device forms the voice signature certificate to further includea text portion identifying the user for use in a subsequent calleridentification (ID) function, to collectively identify the user based onthe caller ID function and the voice continuity.
 20. The system of claim18, further comprising a certificate signing device configured to signthe voice signature certificate for subsequent use in authenticating thevoice signature certificate.
 21. The system of claim 18, furthercomprising a speech extractor configured to extract a voice signature ofthe user for the voice signature segment.